Recent vulnerabilities and exploits

5
CVSSv2
CVE-2019-15225

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to...

EnvoyproxyEnvoy
4.3
CVSSv2
CVE-2019-16728

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari....

Cure53Dompurify
1.9
CVSSv2
CVE-2019-2525

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure...

OracleVm Virtualbox
4.6
CVSSv2
CVE-2019-2548

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...

OracleVm Virtualbox
NA
CVE-2018-16135

<!-- '"` --><!-- </textarea></xmp> --> In this repository All GitHub ...

7.6
CVSSv2
CVE-2018-8389

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This...

MicrosoftInternet Explorer
10
CVSSv2
CVE-2018-12798

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user....

AdobeAcrobat DcAcrobat Reader Dc
7.5
CVSSv2
CVE-2018-14442

Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs....

FoxitsoftwareFoxit ReaderPhantompdf
6.8
CVSSv2
CVE-2018-9951

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

FoxitsoftwareFoxit ReaderPhantompdf
4.3
CVSSv2
CVE-2018-9950

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...

FoxitsoftwareFoxit ReaderPhantompdf